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Operations Security (OPSEC) as a concept is probably as old as war itself. 
Nevertheless, the fact that poor OPSEC practices have been costly in loss of 
human life and lost objectives in every American war demonstrates that, 
despite its venerated age, Operations Security as a doctrine needs to be 
learned afresh by each generation. 

It is imperative that those with responsibility for military activities 
understand that observation of Operations Security principles is as essential an 
ingredient to victory as any of the other tools of war. To the extent possible, 
these lessons should be learned in peacetime — experience in recent conflicts 
shows there is unlikely to be a period of grace once a military emergency 




literature on the Vietnam War, It has much to say to two audiences: those 

unfamiliar with Operations Security will find it a good introduction to the 
concepts and methodology of this important component. Those already 
familiar with Operations Security should find it an interesting study of OPSEC 
origins as well as a refresher on the basic principles of the discipline. 

This story of PURPLE DRAGON is not just for the military; its lessons 
apply to the civilian cryptologic professional as well. The Center for 
Cryptologic History hopes that this study will reinforce the importance of the 
doctrine and help us to examine our premises and practices, military and 
civilian alike. 



DAVID A, HATCH 
Director, 

Center for Cryptologic History 
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Part I 

Introduction 



WHYOPSEC? 

(U) Throughout the history of armed conflict, a few general tactical rules have directed 
the actions of armies around the world: control the high ground; preserve your supply 
lines; and, most of all, maintain the element of surprise. 

(U) Generals have always recognized that tactical surprise is one of the most effective 
force multipliers available to them. Because of this, one of the primary objectives of every 
military campaign is to strike when and where the enemy least expects it and before he 
can take defensive measures. As the Chinese general Sun Tzu, writing in the fifth century 
B.C.E., advised, "Take advantage of the enemy’s unpreparedness; travel by unexpected 
routes and strike him where he has taken no precautions.” Another Chinese general, Tu 
Mu, said of Sun Tzu’s advice, "This summarizes the essential nature of war . . . and the 
ultimate of generalship.” L 

(U) In the twenty-five centuries since Sun Tzu, military history has been replete with 
examples of battles that were won in large part because an attacking army was able to 
maintain the element of tactical surprise. One battle, the first battle of Trenton during the 
American Revolution, can stand as a classic example of the benefits of tactical surprise. 

(U) Following a successful campaign in New York and New Jersey during the summer 
and fall of 1776, the commander of British forces in North America, Sir William Howe, 
decided in early December to suspend operations for the winter. British troops and their 
Hessian mercenaries were therefore bivouacked in a series of outposts across New Jersey. 
Bivouacked in Trenton were three Hessian regiments, plus miscellaneous troops and 
artillery under the command of Colonel Johann Rail - in all, about 1,400 men. Although 
instructed to build defenses for his troops, Rail, convinced that the Continental Army 
posed no threat to his position, merely established sentry posts throughout the town. 

(U) On Christmas night 1776, while Rail and his men celebrated with extra rations of 
rum, General George Washington set in motion one of the great surprise attacks in 
military annals. After ferrying across the Delaware River, which the British and 
Hessians deemed impassable due to floe ice, the Continental Army marched all night 
through the snow and, by dawn, 26 December, had managed to surround Rail’s troops on 
three sides. Surprise was so complete that the first evidence the Hessians had that the 
Continental Army was even on the move came when a sentry on the north side of Trenton 
caught a glimpse of the main Continental force on the edge of town. Before he could raise 
the alarm, the Continentals attacked. In the forty-five-minute battle that followed, Rail 
was killed while trying to rally his disorganized and unprepared troops, and the 
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Continental Army captured more than 900 prisoners, as well as large stores of arms, 
ammunition, and provisions. American losses were negligible. 2 

(U) While history shows many instances of battles like Trenton, won because an 
attacking army maintained the element of surprise, it is equally full of examples of battles 
lost by the failure to maintain surprise. An example of this, also from the American 
Revolution, was the British march on Lexington and Concord on 19 April 1775. 

(U) Based on intelligence that the Massachusetts Provincial Congress was gathering 
military stores in the town of Concord, the royal governor, General Thomas Gage, decided 
to send a troop of approximately 700 light infantry and grenadiers to Concord to destroy 
them. Gage's actions, however, soon gave his plan away. 

(U) Beginning on 14 April, Gage relieved the grenadiers and light infantry from their 
regular duties, ostensibly for training in new drill and maneuvers. Furthermore, on 15 
April all of the long boats and barges of the British transports in Boston harbor were 
transferred to shore. 

(U) These events did not go unnoticed by the populace of Boston. On 15 April, Joseph 
Warren, the patriot leader in the city, dispatched Paul Revere to Lexington to notify 
Samuel Adams and John Hancock of the developments. Word of the British actions also 
spread to Concord, where townspeople began removing the military stores to Worcester, 
further inland. On his return to Boston, Revere also met with Colonel William Conant of 
the Massachusetts militia in Charlestown and agreed to establish a signal in Boston's Old 
North Church which would indicate when the British troops began to move and whether 
they were crossing to the mainland by way of Boston Neck or crossing directly over the 
Charles River. 

(U) The situation in Boston remained tense but quiet for the next two days, but on 18 
April the HMS Somerset , without warning, was moved from its moorage in Boston harbor 
to a position at the mouth of the Charles River, where it would be able to control the ferry 
between Boston and Charlestown. General Gage also dispatched small squadrons of troops 
in the late afternoon to patrol the roads between Boston and Concord and prevent any 
messengers from getting through, and he ordered the sentries at Boston Neck to challenge 
anyone trying to leave the city. Finally, in the early evening, the light infantry and the 
grenadiers began to quietly assemble at the foot of Boston Common, on the banks of the 
Charles. By eleven o'clock, the first troops had begun to embark for Charlestown. 

(U) The implications were clear. Warren dispatched Revere and William Dawes to 
ride to Lexington and notify Adams and Hancock to escape, in case their capture was the 
object of the British troops. Revere and Dawes were also to rally the local militias and 
have them muster at Concord, in case the military stores were the British objective. 
Before setting out, however, Revere had two lanterns hung in the Old North Church's 
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spire to notify the militias on the northern and western banks of the Charles that the 
British were coming. 

(U) The two riders then set out. Revere left Boston by rowing across the Charles right 
under the guns of the Somerset , apparently without being detected. Dawes, meanwhile, 
somehow managed to convince the sentry on duty at Boston Neck to let him pass. Anyway, 
they both managed to get out of Boston and, as the famous poem relates it, to spread the 
word to every Middlesex village and farm. 

(U) By the time the British troops arrived in Lexington on the morning of 19 April, 
they did not find Adams and Hancock. They did find a small body of militia on Lexington 
Green. A quick skirmish put the militiamen to rout, and the British were soon on the 
march again to Concord. 

(U) At Concord the British found and destroyed most of the military stores still in the 
town. They also found a larger body of local militia, with more coming all the time. The 
British confronted, and were defeated by, the militia at Concord's North Bridge. Sensing 
that the situation was, or soon would be, desperate, the British began the long retreat back 
to Boston. The retreating column came under constant harassment from the militiamen, 
suffering heavy losses, and only the arrival of 1,200 reinforcements from Boston saved the 
original column from destruction. The British troops faced heavy fire all the way back to 
the Charles River, where the guns of the fleet in Boston harbor finally convinced the 
militiamen to cease their attack. 

(U) The British would remain besieged in Boston until the following March. 3 The first 
day of the American Revolution thus ended in a stunning upset as one of the most 
professional armies in the world, well armed and well trained, was routed by a 
disorganized rabble of farmers and tradesmen, most of whom had never fired a shot in 
anger before in their lives. And all because the British could not keep their intentions a 
secret. 

(U) As Washington himself wrote in 1777, "upon secrecy, success depends in most 
enterprises . . . , and for want of it, they are generally defeated, however well planned and 
promising a favorable issue." 4 From the Revolution to the present, the United States has 
made a concerted effort, through such means as physical security, cryptography, and 
counterintelligence, to keep information concerning its intentions and capabilities from 
falling into the hands of its enemies during wartime. 



VIETNAM AS AN OPSEC CATALYST 

(U) But while the benefits of maintaining the element of surprise as a military 
objective, and the dangers of losing that surprise, have always existed and have been 
recognized as vital to tactical, and even strategic, success, it was only during the war in 
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Vietnam that the United States began to make a concerted effort to review its security 
posture from the vantage point of an adversary in order to identify that information 
concerning U.S. intentions and capabilities that an adversary considers vital, to discover 
how he gains such knowledge about U.S. military plans and capabilities, and, finally, to 
develop strategies by which U.S. commanders could prevent him from gaining that 
knowledge. This "ability to keep knowledge of our strengths and weaknesses away from 
hostile forces” 5 became known as operations security, or OPSEC, and had its birth in an 
operation known as PURPLE DRAGON. 

(U) Early in its involvement in Vietnam, the U.S. military came to the realization that 
several of its operations were not being fully successful. Enemy forces were somehow 
consistently able to avoid the worst consequences of U.S. and Allied operations, and senior 
U.S. commanders wanted to know why. Assuming that North Vietnam and the Viet Cong 
were not likely to be decrypting the United States' most secure communications and that 
they could not have enough spies in South Vietnam to be aware of every U.S. operation in 
Southeast Asia before they took place, U.S. personnel came to the conclusion that U.S. 
forces were themselves inadvertently revealing vital information to the enemy. 

(U) To test this hypothesis, the U.S. Joint Chiefs of Staff authorized Operation PURPLE 
DRAGON. Relying on a multidisciplinary investigation of all aspects of combat operations, 
from conception to planning to execution, the men of PURPLE DRAGON sought to uncover 
those elements of an operation which might be insecure and which of those elements might 
be able to provide valuable, exploitable information to the enemy. Once uncovered, 
PURPLE DRAGON could then suggest possible remedies for those elements to the concerned 
commanders in the field. 

(U) From its inception in 1966 and 1967, PURPLE DRAGON proved a major success at 
improving the combat effectiveness of the units and operations it surveyed. PURPLE 
DRAGON was so successful, in fact, that before the war was over the Joint Staff made 
operations security programs, based on the PURPLE DRAGON model, mandatory for all U.S. 
commands everywhere in the world. Operations security would prove so successful in the 
end that President Ronald Reagan would make it a requirement for every U.S. 
government department or agency, military and civilian, with a national security mission. 

(U) It is the goal of this study to explore why and how operations security in general 
and PURPLE DRAGON in particular came about. It will attempt, furthermore, to show how 
the concept and methodology of OPSEC were developed; how OPSEC came to prove itself in 
the rice paddies and jungles of Vietnam; how it came to win acceptance, first among the 
U.S. military in Southeast Asia and the U.S. Pacific Command, then by the U.S. military 
establishment worldwide; and, at last, how operations security came to become an official 
policy of the United States government. Finally, it will seek to document the vital role 
that the National Security Agency has played in the development of operations security, 
from the birth of OPSEC during the conflict in Vietnam to the present day. 
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Part II 

The Beginnings of OPSEC 



WHY PURPLE DRAGON? 

(U) On 7 February 1965, a Viet Cong (VC) platoon attacked the U.S. air base at Pleiku, 
about 200 miles north of Saigon, in the Republic of Vietnam (RVN or South Vietnam), 
During the attack, the VC destroyed one transport aircraft and nine helicopters and 
damaged fifteen other aircraft. They also blew up a barracks, killing eight U.S. 
servicemen while wounding 126 more. 

(U) In response to the Pleiku attack, President Lyndon Johnson approved a proposal 
for continuing air strikes against targets in the Democratic Republic of Vietnam (DRV or 
North Vietnam), as opposed to the policy of quid pro quo retaliations for North Vietnamese 
attacks that had been in effect since the Tonkin Gulf incident of August 1964. The first 
raid under the new policy took place on 11 February 1965, when 160 U.S. and RVN Air 
Force and Navy fighter-bombers struck targets north of the 17th parallel, the official 
boundary between the two countries. The policy of continuing air strikes north of the 17th 
parallel, to be carried out by fighter-bomber aircraft, was given the covername Operation 
ROLLING THUNDER . 1 

(U) On 17 June 1965, U.S. B-52 bombers from Andersen Air Force Base in Guam for 
the first time launched a mission against a VC stronghold in South Vietnam. This and 
future B-52 missions from bases in Guam, Okinawa, and Thailand were covernamed 
Operation ARC LIGHT . 2 From that time on, ARC LIGHT strikes against VC and North 
Vietnamese Army (NVA) targets in South Vietnam and ROLLING THUNDER strikes against 
targets in North Vietnam became an almost daily occurrence. 

(U) By the summer of 1966, however, it had become clear that the bombing missions 
were not having as significant an effect on the VC/NVA as had been expected. Ground 
sweeps and bomb damage assessments of B-52 target areas discovered lighter enemy 
losses, in both men and material, than expected, and North Vietnamese infiltration of 
more men and material into South Vietnam was apparently not being inhibited by air 
strikes in the DRV. Morale in the VC/NVA still seemed high after a year of bombing, and 
North Vietnamese military and industrial activity did not seem to have been severely 
hampered. 3 The concern was on many people’s minds - was U.S. intelligence concerning 
the enemy’s whereabouts and strength faulty or, more ominously, were the the ARC LIGHT 
and ROLLING THUNDER missions being given away in advance, providing the VC/NVA the 
opportunity to avoid them? 

- (S NF) 
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Admiral U.S. Grant Sharp, USN" 
Commander in Chief, U.S. Pacific Command 
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'TTSQJThe answer w as yes, they did. Beginning in mid-1965, National Security 



Agency (NSA) analysts inf 



B21, had uncovered evidence of Chinese forces in 
North Vietnam (CFNVN ) and had begun full-time monitoring of manual morse code 



communications between 



and the CFNVN. For 



TFSCUPla ying a hunch by E. Leigh Sawyer, then chief of B21, analysts began 



comparing the 



messages again st U.S. operat ions in Southeast Asia. They 



discovered an apparent match between the 



messages and some ROLLING 



THUNDER m issions. Upon further analysis, they discovered a near perfect match between 
and planned ROLLING THUNDER missions over the northeast quadrant of North 



Vietnam. 



The final proof of the meaning 
]came during the U.S. bombing moratorium between 24 December 1965 and 
31 January 1966. The messages stopped along with the bombing. B y early 1966, the 
analysts at NSA were able to show] ” — — 



90 percent of all ROLLING THUNDER missions 



to between 80 and 



and ROLLING 



^fFSCLAfter performing more analysis of the links between[ 

THUNDE R during the early part of 1966, B21 finally re leased a report of its findings in May 
detailingl I The effect was immediate, f 



B21 also produced another four reports on|_ 
messages, their probable content, and their relationship to ROLLING THUNDER 
missions, during the c ourse of the next three months. Leigh Sawyer gave a private 
briefing on | to General Earle Wheeler, chairman of the JCS. After the briefing. 
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according to Sawyer, Wheeler's only response was to slam his fist on the desk and shout, 
"Goddam it, we’ve been penetrated!" 11 

(TDC NF)”At the same time as its findings on NSA was uncovering other 



(TDC NF)”At the same time as its findings on |NSA was uncovering other 

evidence of hostile prior knowledge of U.S. air operations in Southeast Asia. The Strategic 
Air Command (SAC) had begun overflights of North Vietnamese and Chinese territories 
using low altitude photographic reconnaissance drones in 1964, covernamed BLUE SPRINGS 
in 1966 and redesignated at various times BUMBLE BUG, BUMPY ACTION, and buffalo 
HUNTER. C-130 mother ships operating out of Bien Hoa air base in South Vietnam would 
release the drones over Laos or the Gulf of Tonkin; the drones would overfly northern 




average warning time of eight and a half hours. Though usually general in nature, the 
Vietnamese alerts did occasionally include detailed targeting information. 13 
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(U) The problem with monitoring, however, was that COMSEC monitoring, by its very 
nature, was selective, the findings being limited by the fact that the SCAs could not 
monitor all communications all the time. Monitoring, furthermore, could uncover COMSEC 
lapses only after they had occurred . 19 
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-fTST At the beginning of the PURPLE DRAGON survey in December 1966, the survey 
teams lacked clear guidance on what they were looking for and how to proceed. However, 
following a briefing from CINCPAC on the sort of information they were to seek, and 
improvising as they went along, the PURPLE DRAGON teams and staff were able to develop 
an efficient method for both the gathering and the analysis of information on potential 
sources of enemy foreknowledge and forewarning. The PURPLE DRAGON teams decided that 
the fundamental process of the surveys would be to "put ourselves in the position of the 
adversary and study our operations step by step, from conception through execution to 
completion and beyond.” Furthermore, they would focus their attention on the small, 
seemingly insignificant details of the surveyed operation, considering them to be just as 
likely, if not more so, to provide valuable information to the enemy as the major aspects of 
the operation. 34 



4SfThe PURPLE DRAGON survey teams’ first order of business was to develop a complete 
overview of the operation and of each mission in that operation. Though already 
knowledgeable about the operations they were to survey, the teams began by reviewing 
"operations orders and directives, communications-electronics operating instructions, 
pertinent COMSEC... and such other documentation” so that they would be as familiar as 
possible with "the details and possible weaknesses of the operation before 
commencing. . . .” 35 
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U.S, Air Force CH-53 helicopter recovering a 
BLUE SPRINGS reconnaissance drone over the Gulf of Tonkin 
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^(TD NF7 On being apprised of PURPLE DRAGON's findings concerning! 



codes. By 1 June 1967, 1 | 



SAC began to upgrade its worldwide operations 
| | and T by the 

I had been 



following spring, two 
introduced. Also as a result of PURPLE DRAGON, CINCPAC ordered the installation of a 
KW-26 secure teletype link between Bien Hoa and Da Nang to handle BLUE SPRINGS 
traffic. In fact, the KW-26 was on-line between Bien Hoa and Da Nang within a week after 
CINCPAC’s J-6 was apprised of the situation. The KW-26 link was still later replaced by 
an HY-2/KG-13 secure voice link between the two bases. 50 




ARC LIGHT MISSIONS 



(U) On ARC LIGHT missions, PURPLE DRAGON found several likely sources of enemy 
foreknowledge and forewarning. Under International Civil Aviation Organization 
agreements, every time an aircraft is scheduled to pass from the control of one air traffic 
control (ATC) center to another, it is required to file a flight plan with its local ATC center 
and to notify the new ATC center of its expected arrival time and location in that center's 
zone of control and request an altitude reservation (ALTREV) for its flight path through 
that zone. The new ATC center will then publish a Notice to Airmen (NOTAM), giving 
flight particulars such as altitude, flight path, and entry and exit times and locations from 
the ATC zone, which it broadcasts to all adjacent ATCs so they will be aware of the 
aircraft's presence. 
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(TSC1" Following the implementation of PURPLE DRAGON’S recommendations on ARC 
LIGHT, enemy alerting of B-52 strikes dropped significantly, at least by the two broadcast 
stations identified by NSA. During December 1966, the first month of the PURPLE DRAGON 
survey, the two NVA stations had alerted 34 percent of ARC LIGHT missions with an 
average warning time of eight and a half hours. In April 1967, at the end of PURPLE 
DRAGON, NVA alert broadcasts had fallen to only five percent of B-52 strikes, with an 
average alert time of less than thirty minutes. 60 '(b) (i) 
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U.S. Navy A-4 fighter bombers on a ROLLING THUNDER mission 
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(U) Because of the radar surveillance problem, PURPLE DRAGON decided to make no 
major recommendations, beyond those already mentioned, for eliminating possible sources 
of enemy foreknowledge and forewarning of ROLLING THUNDER missions. Consideration 
was given to recommending changes in refueling aircraft communications procedures, but 
it was decided that the changes would only needlessly complicate refueling operations 
without significantly lessening the enemy's warning time. 68 
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OPSEC INACTION 




(U) The teams also produced some fourteen OPSEC reports. Each PURPLE DRAGON 
report consisted of the results of surveys conducted during the reporting period as well as 
regular updates on the OPSEC status of Operations ARC LIGHT, BLUE SPRINGS, and ROLLING 
THUNDER. Following the termination of ROLLING THUNDER in the spring of 1968, PURPLE 
DRAGON began including regular updates on the Strategic Air Command’s SR~71 
reconnaissance program over Vietnam and the Korean peninsula, Operation GIANT SCALE. 
PURPLE DRAGON reports were unusual in that they did not go through the usual staffing 
process at CINCPAC but were issued directly as written by the OPSEC branch. 1 

(U) Following are a few of the more significant operations security surveys conducted 
during the Vietnam conflict, which are representative of PURPLE DRAGON’s usual activities 
and findings. 
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(U) BOLD MARINER was a major success from an OPSEC standpoint. Proof of operations 
security achieved in BOLD MARINER comes from the fact that Marines of the SLF, working 
in concert with U.S. Army and ARVN troops inland, succeeded in capturing 470 suspected 
Viet Cong guerrillas on just the first day of the operation, VC who certainly hadn’t been 
forewarned that the Marines were coming. 20 



U.S. ARMY/NAVY RIVERINE OPERATIONS 

(U) In the summer of 1966, MACV reported that approximately one third of all VC 
attacks within the RVN occurred in the IV Corps Tactical Zone, in the Mekong River delta 
region of southern South Vietnam. MACV also estimated that the Viet Cong controlled 
almost one quarter of the population in the delta. 21 




Mekong River delta. South Vietnam, showing major rivers, canals, and main roads 
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(U) The delta would have to be cleared of the enemy, but that posed a problem. The 
delta consists of a vast network of rivers, canals, rice paddies, and swampland, making 
normal military operations, especially the bivouacking, supply, and movement of ground 
troops, nearly impossible. To get around this problem, MACV hit upon the idea of basing a 
combat division on board Navy troop transports offshore and transporting them in Navy 
river patrol boats and landing craft to and from their tactical areas of operations. The 9th 
U.S. Infantry Division, consisting of three brigades, was established to serve as the ground 
force, with naval TF117 supporting them, and the Mobile Riverine Force (MRF) was ready 
to commence operations in early 1967. 22 
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(U) Following the PURPLE DRAGON surveys of Mobile Riverine operations and Army 
ground operations, as with most PURPLE DRAGON surveys during Vietnam, the OPSEC 
posture of the surveyed organizations improved, at least temporarily. More important, ] OGl 

however, evidence of enemy prior awareness of the operations significantly decreased as 
the surveyed units implemented suggested changes in procedures. U.S. intercept of enemy 
alert messages dropped off, and contact with the enemy usually increased. These positive 
results, however, were almost invariably only temporary. In most cases, the enemy, being DIA 

denied one valuable source of foreknowledge of U.S. intentions and capabilities by the 
improved operations security of the units involved, would cast about until they had found a 
new source of information to take its place. Then, evidence of the enemy’s prior knowledge 
would again surface and the OPSEC procedure would begin again. 
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(TSC NFTThe TECHINS also established reporting vehicles for the enemy awareness 
reports, ranging from tactical reports at flash precedence for intercepts which could be 
closely correlated with imminent Allied operations and could be released directly the 
units involved, to weekly and monthly Asian Communist (later Pacific Area) Awareness 
Reports, which summarized all SlGINf evidence of enemy foreknowledge or forewarning 
during the preceding period. 4 Over time; the TECHINS would be expanded in scope, first 

to cover intercept indicating! I \ \ \\ m rior 

awareness of U.S. and Allied operations and communications indicating such awarenes^j 
and, second, to cover all U.S. and Allied combat operations, rather than just; 
reconnaissance and strike-related flights. 5 

(ISG-*N¥T"Along with the new reporting instructions on enemy foreknowledge and 
forewarning, DIRNSA decided to replace the ad hoc nature of support to PURPLE DRAGON 
with a more permanent mechanism to coordinate the Agency’s OPSEC-related activities 
with the CINCPAC OPSEC branch. General Carter, therefore, in June 1967 established 
within NSA’s Office of Asian Communist Nations, then designated B Group, a B Group 
Joint Task Force (BJTF) to provide dedicated SIGINT support to the OPSEC program in the 
Pacific. 6 The mission of the BJTF was f'to review the S I GI NT/fe v i d e n c e s of forewarning from 
all available sources, in order to determine not only what the enemy may be exploiting, 
but also how he is doing it.” 7 A major focus of the BJTF’s. analysis of enemy awareness was 
to determine whether any U.S. codes or ciphers were being exploited. 8 

XTG CCOT Among the Agency organizations included in the BJTF were 
representatives of the Agency's Communications Security Division, /Si, : as well as 
representatives of the various B Group branches directly involved in the Agency’s efforts 
against the North Vietnamese, Viet Cong J / 1 1 a r ge t s . These 
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THUNDER missions 
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for the vast 

majority of ROLLING THUNDER strikes throughput the initial PURPLE DRAGON survey, and, 



in fact, continued to 
THUNDER in April 19 
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issue them regularly right through to the termination of ROLLING 
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after ROLLING THUNDER ended, but B21 concluded that most of these 
ely training exercises for the CFN VN. 9 
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of the Office of 


B45, 


.de the focal point for the BJTF. B45 had 


been established fo 
communications net 
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a organization 




as apparently reporting on U.S. Navy, 



Marine, and Air Force operations in the Gulf of Tonkin and northern South Vie tnam. The 



net consisted of a control statior 
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A third outstation in the net|^ 
I was also identified, but it was seldom active. 10 




U.S. forces tactical data, so called "blue force data,” to aid them in their analysis of a 
hostile SIGINT target. 

Throughout the Vietnam conflict, the Navy maintained an average of ONI-5 



analysts learned from the| Jdata that every day at 0700 hours local, these carriers 

would trans mit their locations to CINCPAC headquarters in Pearl Harbor. They further 
noticed that I 
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(TSC) What they read surprised them, 
designated! 



The 



communications net, 



| turned out to consist of reports of primarily U.S. Navy and Marine 

aircraft activities off the carriers in the Gulf. Some transmissions consisted of direct 



transcriptions of U.S. aircraft com muni-cations traffic, no more and no less.\ 
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communications t hat most surp rised the NSA analysts reading them, was that everything 

net, except operator chatter, was in English. 12 



transmitted on the| 

3T^-P' v-Lrv 8.6- 36 _ 

•ffSCTWhyC 



]was in English no one could say. One plausible suggestion was 



1 Or perhaps they were just too 



busy to t ranslate the mass of materia l - after all, at its peak 
over 250 



messages a day td 



talone was sending 



£FSCTr Most of the 



Reflected activity by the 



intercept observed in 

U.S. aircraft carriers in support of ROLLING THUNDER missions and other operations, but 
there were also reflections of U.S. Air Force KC-135 tanker aircraft, reconnaissance 
aircraft, an d B-52s on ARC LIGHT missions. While most U.S. communications reflected in 
were in plain text, B45 was able to show that at least some U.S. operational 



codes may have been compromised, either through traffic analysis or crypt analytic attack, 
and were regularly being exploited | 



Whatever the methods 



to read the U.S. traffic, B45 showed they were regularly ab le to intercept the 



U.S. signals and retransmit the content of therq 
five minutes. 13 



on average within 



ppserrhjf 



continued to provide valuable intelligence to the U.S., and 
^foreknowledge of U.S. operations in Southeast Asia, until 
late 1970, when the circ uit suddenly and for no apparent reason went dead. A debate 
ensued as to whether or nol — — — — - 



i mportan t indications of£ 




-(TOC)~Other reasons for the loss of the[ 



] signals were also presented: the 



pad trouble getting the system to function pr operly, and it was 



possible they simply gave up on it as being too com plicated to operate 



tn 



the|j 



het because they had developed a better 



pay 



also have abandoned[ 

system. The circuit was quickly replaced by a parallel net using a different encryption 
system. 
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The new system remained active for approximately a year before it 



too went off the air, probably to be replaced by landline. 



B45 turned its attentions to other, 



"TTSGWVith the loss of the 
less valuable targets until the end of U.S. involvement in Southeast Asia, when the 
[ division was disbanded and the target went into a caretaker status. 14 

^TTSQ^While the analysis and reporting of the | "[ iet was its major 



responsibility, B45 supported the CINCPAC OPSEC program in other ways as well. As 
focal point for the BJTF, B45 was responsible for producing weekly and monthly 
summaries of all SIGINT reflections of enemy foreknowledge and forewarning of U.S. 
military operations. Because of the quantity of such material, this requirement was later 
reduced to only weekly summaries. The BJTF was also responsible for gathering both 
SIGINT and collateral evidence of foreknowledge of U.S. operations', not only by | 



even 



and for 



from 

coordinating all NSA OPSEC-related reports. The BJTF produced reports and briefings on 
its findings for PURPLE DRAGON team members and the U.S. military and intelligence 
communities, as well as orientation tours for personnel being assigned to the OPSEC team 
at CINCPAC. 15 

(0 CCOCAs SIGINT often provided the evidence of OPSEC weaknesses, it also served as a 
major indicator of OPSEC successes. Throughout the war, one of the most/common reasons 
for performing an OPSEC survey of a particular operation was SIGINT evidence that the 
enemy had foreknowledge of it. In ongoing operations, such as air operations, the SIGINT 
evidence often took the form of alert messages prior to individual missions. When PURPLE 
DRAGON had finished surv eying an operation and its recommendatio n b w ere implemented, 
the OPSEC team would often 
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4S*eeOT In the final analysis, NSA support to PURPLE DRAGON was an important, 
perhaps vital element in the success of the OPSEC program in Southeast Asia. As one 
employee of B45 put it, PURPLE DRAGON "wouldn’t have happened without NSA.” 17 

— (S CCO) But NSA’s support was also a success story within the Agency itself. Just as 
PURPLE DRAGON was originally conceived as a multidisciplinary organization, so too was 
the Agency’s support multidisciplinary. In support of the OPSEC effort in PACOM, Agency 
personnel from all of the cryptologic disciplines - cryptanalysts, traffic analysts, signals 
analysts, linguists, reporters, COMSEC specialists, and intercept operators - both military 
and civilian, from a variety of offices with a variety of targets, at Fort Meade and at field 
stations throughout the Pacific and around the world, worked together closely to improve 
the combat effectiveness and save the lives of U.S. and Allied servicemen and women in 
the rice paddies and the jungles, at sea, and in the air throughout Southeast Asia. 18 
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VC/NVA INTELLIGENCE STRUCTURE 

_ (Tfi PCfTT At the top of the VC/NVA intelligence structure was North Vietnam's 
Central Research Directorate (CRD) in Hanoi. The CRD, sometimes described as "Hanoi’s 
DIA,” had responsibility for strategic, national-level intelligence. 6 Below the CRD, the 
Central Office, South Vietnam (COSVN), analyzed and disseminated tactical intelligence 
to VC/NVA forces throughout the RVN and served as a point of contact between the CRD 
and units in the field. 7 Finally, scattered throughout the RVN were VC/NVA tactical 
units and individual agents. They could either pass their information up to COSVN for 
analysis or, in some units, analyze and use it for tactical advantage themselves. 8 

JJJP8CT~Of all sources of information, the VC/N VA valued communications intelligence 
most heavily, with enemy PWs and ralliers describing it variously as "the easiest, safest, 
and fastest” means of obtaining intelligence, and as a "continuous source of information” 
on Allied plans and operations. 9 All levels of the VC/NVA intelligence system were 
involved in the collection, processing, analysis, and production of COMINT. The CRD in 
Hanoi, for example, attempted the cryptanalysis of medium- and high-level U.S. 
cryptosystems. While there is no evidence the North Vietnamese had any success 
cryptanalyzing high-grade U.S, systems, the CRD was successful against some lower- 
grade codes and ciphers, such as one used to transmit airborne radio direction finding 
results in the RVN, 10 

(S NF j- Much of what is known about VC/NVA COMINT activities in the RVN comes 
from documents and personnel captured during Operation TOUCHDOWN in 1969. During 
TOUCHDOWN, soldiers of the 1st U.S. Infantry Division in Binh Duong Province near 
Saigon managed to capture twelve of the eighteen enemy personnel assigned to a local 
Technical Reconnaissance Unit (TRU), a VC/NVA tactical COMINT unit, along with items 
of equipment and some 2,000 documents. 11 

Based on the review of TOUCHDOWN-related materials, as well as 
interrogations of enemy PWs and ralliers, it was clear that the enemy maintained an 
extensive and efficient COMINT network in the RVN. COSVN, through its Military 
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Intelligence Bureau (MIB), oversaw the activities of at least 4,000 enemy personnel in the 
RVN estimated by CINCPAC to be engaged in the intercept and analysis of Allied 
communications in 1969. The actual number may have been as high as. 5,000 personnel. 
The extent of the enemy COMINT effort inside South Vietnam was particularly shocking, as 
the best previous estimates of the enemy’s COMINT effort had suggested that no more than 
300 enemy personnel were engaged in COMINT activities inside South Vietnam. 12 Enemy 
TRUs were apparently established in every part of the RVN and ranged in size from 406 
personnel in the 47th Technical Reconnaissance Battalion colocated with COSVN along 
the Vietnamese-Cambodian border in early 1967, to individuals performing signals 
intercept operations alone in Saigon. 13 



OPERATIONS OF THE TRUs 

JJ&fThe TRUs used a combination of captured and stolen U.S. radio equipment, as well 
as commercial equipment from Japan and Western Europe, and radios supplied by the 
Communist Bloc countries to conduct intercept. They also used small, battery-operated 
tape recorders to aid them in exploiting non-Vietnamese voice communications. 14 




DRV signals intercept officer at work 
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IS CCOtThe TRU intercept program was primarily targeted at low- to medium-level 
RVN armed forces and national police voice and manual morse nets, as well as U.S. 
tactical voice nets. There was a smaller, but successful effort made against Australian, 
South Korean, Thai, and Cambodian tactical voice nets. They also monitored Allied open 
source broadcasts including the Voice of America, the British Broadcasting Corporation, 
and Armed Forces Radio, and were capable of wiretapping telephone landlines. 15 The 
TRUs were usually well equipped with English linguists, and the VC/NVA were known, 
on occasion, to augment their language capabilities by requiring Thai and Korean 
prisoners of war to aid them in their intercept operations. There were even reports of U.S. 
deserters working as signals intercept operators for the enemy. 16 

-f€1^The TRUs showed a high level of professionalism in the performance of their 
duties. The VC/NVA were able to target specific Allied units in their vicinities and 
maintain continuity on them, in many cases for years at a time, because of the static 
callsigns and frequencies, and other elements of SOI employed by U.S. and Allied 
communicators. 17 The TRUs had the ability to perform traffic analysis, radio direction 
finding, and even limited cryptanalysis on intercepted communications. 18 

Their competence in covering assigned targets is reflected by the heavy monthly figures on 
messages that platoons and companies report as intercepted and exploited. The first and largest 
company of the former 47th TR Battalion had a strength of 130 and reported processing 7,745 
messages during the month of September 1966. The third platoon (strength 69) of an unknown 
but entirely different company operating in Tay Ninh province reported an average of 500 
messages per day, and a high of 920 messages in a single day during the latter part of 1968. A 
captured target list of another unidentified unit operating near Da Nang in December 1968 
showed it to be working against 31 separate voice nets of the U.S. 1st Marine Division. These 
three units alone were capable ofcovering about 100 radio nets. One of them (the 1st Company of 
the 47th TR Bn) reported 100 percent exploitation of the material intercepted. 19 

-(C CCOf The size of the enemy's COMINT program was matched by its success. 
Although, as already noted, the VC/NVA apparently had no success in cryptanalyzing 
U.S. medium- or high-level cryptosystems, they were very successful against U.S. and 
Allied tactical- level codes, particularly the unauthorized codes so beloved of signalmen in 
the field. Enemy PWs and ralliers often commented on the lack of security offered by 
brevity and slang codes used by Allied radiomen, one PW stating that, almost invariably, 
brevity codes could be broken out and read within six hours, and that Allied use of such 
codes often allowed the enemy to differentiate between particular units and echelons. 20 

(£>CCQ )-The enemy also proved adept at traffic analysis, thanks in no small part to 
poor use of SOI by the U.S. and its allies. Unchanging SOI allowed enemy TRUs to 
intercept a high volume of traffic. Instances of poor SOI included the U.S. Army's Artillery 
Warning Control Centers, which did not change their callsigns or frequencies between 
1967 and at least early 1971; and B-52s involved in ARC LIGHT missions, which, according 
to enemy PWs, regularly used the callsign CAPTAIN CONTROL and DINBACK. Even 



NOT KLLLA5ABLL 10 P OREIGN NA TT ONAL3 



^ TQP SECRET UMBRA 



68 




TOP SLCRLl UMUKA 



when SOI were changed, however, the VC/NVA were reportedly able to break out the 
complete new U.S. SOIs in as little as six hours, and the new ARVN SOIs in as little as two 
hours. 21 

^S^For all their cryptanalytic and traffic analytic successes, the VC/NVA’s major 
source of COMINT was always the exploitation of Allied nonsecure voice transmissions. 
Intercept of Heavy Artillery Warnings, known by the enemy just as well as by the Allies as 
advanced warning of B-52 strikes, provided the enemy with at least tactical forewarning of 
almost all ARC LIGHT missions, giving target coordinates and TOT, usually ten to thirty 
minutes before the bombs started falling. 22 "Calls for air strikes, requests for medical 
evacuations (including numbers, locations, and landing zones), ARVN assessments of 
tactical situation (including deployment of forces, map coordinates, and weapons used), 
and requests for artillery support (including forward observer, mission requests, and 
adjustment of fire)” were just some examples of the types of clear text messages regularly 
exploited by the VC/NVA. 23 

(D-CCO) The enemy also routinely targeted and exploited the communications of 
specific units, such as two ARVN Special Forces units in Tay Ninh and Hua Nghia 
provinces, west of Saigon, whose commanders were known to discuss their operational 
plans in the clear. Other ARVN units would regularly follow encrypted transmissions 
with clear voice to collate the messages and to clear up any mistakes, or to offer help in 
decrypting difficult passages in the messages. Even requests for food, when intercepted, 
informed the enemy of ARVN intentions. 24 As already mentioned, the VC/NVA TRUs 
even monitored Voice of America, British Broadcasting Corporation, and Armed Forces 
Network broadcasts originating in Saigon, and were often able to learn valuable 
information such as the organizations, designations, and number of troops involved in 
particular operations from these sources. 25 

- (C-CCOT Interrogations of PWs and ralliers provided numerous examples of the 
immediate use that the VC/NVA made of intercepted Allied communications. One PW 
related how, on at least two occasions in 1967, his battalion had intercepted U.S. 
reconnaissance aircraft communications indicating that the battalion’s position was going 
to be bombed and strafed by U.S. fighter aircraft. In both cases, the battalion escaped 
before the fighters could arrive on the scene, potentially avoiding numerous casualties. 26 
On another occasion, a VC rallier described how his regiment had set up an ambush at a 
particular intersection on 4 November 1969 after intercepting a movement plan of the 
ARVN 22nd Ranger Battalion. In two engagements that day, the VC were able to kill 
twenty-nine ARVN personnel and w,ound sixty-five others. 27 Finally, a captured VC 
regimental commander related how, in March 1968, his regiment had used intercepted 
clear-voice transmissions to set up the ambush of a U.S. battalion. During the ensuing 
action, the PW claimed, 100 Americans had been killed. 28 

-(CT Although the VC/NVA relied most heavily on COMINT for foreknowledge and 
forewarning of Allied operations, Allied communications were by no means the only source 
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of enemy intelligence during the war in Southeast Asia. The VC/NVA also maintained an 
extensive espionage program in the R VN and perhaps elsewhere in the Pacific. Individual 
agents working in the RVN were controlled by Military Intelligence Sections (MIS), which 
were directed by the Strategic Intelligence Section (SIS). The SIS reported directly to the 
MIB at COSVN, where agent information was analyzed and either disseminated to 
military units in the field or passed on to the CRD in Hanoi . 29 There was also evidence that 
VC/NVA tactical units recruited their own agents to provide them with local, tailored 
intelligence. 

“TTJPThe VC/NVA were able to infiltrate agents into all levels of RVN society, from 
high-ranking military and civilian personnel in Saigon to peasant children in the 
countryside. The enemy also attempted and, often it seemed, succeeded in placing agents 
among the Allied forces, especially the Americans, usually as workers in local military 
installations. The enemy typically sought communist or DRV sympathizers to recruit as 
agents but were not unwilling to resort to threats and violence to coerce people into spying 
for them . 30 

^(©^Interrogation of enemy PWs and ralliers gave general indications of VC/NVA 
espionage in the RVN. For instance, sympathetic civilian authorities often provided the 
VC with information on Allied troop concentrations in their areas, while local villagers 
would provide them with local hearsay on Allied intentions . 31 Villagers were also 
responsible for warning the VC of Allied activities. These villagers would use "such 
methods as ringing a gong, shaking a rattle, firing shots into the air, blowing a whistle, 
beating a bamboo stick, blowing a horn, setting a fire, or igniting smoke grenades” to warn 
the enemy of Allied troop movements. The VC/NVA also would force interpreters and 
translators working for U.S. military and civilian agencies in the RVN to steal documents 
and provide information from their jobs . 32 

-(OfThe enemy also made a concerted, and successful, effort to infiltrate ARVN units in 
order to provide more timely and accurate information on proposed ARVN operations. 
Often, draft-age VC personnel would allow themselves to be arrested as draft evaders, and 
would then volunteer for duty in target areas. VC/NVA personnel even gained access to 
ARVN-controlled installations by wearing captured or stolen RVN armed forces uniforms 
and passing themselves off as South Vietnamese military personnel . 33 

-(SC NPt When the enemy was not able to place an agent inside a particular Allied 
installation, they settled for placing one near the installation or in those places that Allied 
personnel were known to frequent off the job, and relied on observation and eavesdropping 
to gather information. The enemy recruited vendors, truck drivers, carpenters, even bar 
girls and prostitutes to serve as agents . 34 The VC was even reported recruiting fourteen- to 
sixteen-year-old children to hang around Allied radio-equipped vehicles and copy the 
frequency settings on the communications gear, and they are believed to have placed 
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agents in Guam, Thailand, Okinawa, Japan, and the Philippines in order to observe and 
report on U.S. operations such as ARC LIGHT. 35 

jCSG-NFJ The last major source of enemy intelligence concerning Allied operations in 
South Vietnam, following COMINT and espionage, consisted of information gathered by 
VC/NVA forces themselves. Military intelligence of this sort, collected through routine 
reconnaissance and the recognition of stereotyped Allied activities, was supplied to the SIS 
at COSVN for analysis and dissemination. 36 VC/NVA units learned during the war to 
forecast Allied tactics based, for instance, on their reconnaissance procedures. The 
presence of certain U.S. reconnaissance aircraft in a region was recognized as a tip-off of an 
ARC LIGHT mission in the near future, while other types of reconnaissance aircraft 
forewarned of tactical air and helicopter gunship attacks. 37 A captured NVA lieutenant 
colonel considered the following types of activity, all of which were easily observable to 
VC/NVA personnel in the field, as good indicators of pending U.S. ground operations: troop 
movements, supply movements, the appearance of new units in a region, the appearance of 
certain reconnaissance aircraft, increased patrol activity, and increased radio 
communications. He also observed changes in the activity of the local populace and local 
ARVN forces prior to most Allied operations. The NVA colonel further indicated that the 
amount of time between operations in any one area was fairly consistent and that he could 
predict the likelihood of impending operations based solely on the length of time since the 
last previous operation in the vicinity. 38 
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PURPLE DRAGON DIVERSIFIES 



(U) The nature of the U.S. involvement in South Vietnam underwent a significant 
change beginning in January 1969 with the inauguration of Richard Nixon as president. 
The buildup of U.S. troops was reversed and the long disengagement from South Vietnam 
began. Between the summer of 1969 and January 1973, U.S. troop levels in the RVN 
would drop by more than 95 percent. 11 

(U) Along with the drawdown of U.S. forces in Southeast Asia, the U.S. military’s 
conduct of the war also changed. The Nixon administration’s policy of "Vietnamization” 
aimed at preparing the ARVN to take over the combat roles of the withdrawing U.S. 
troops, along with a gradually diminishing the role of those U.S. forces staying behind. 
The final goal of Vietnamization was for South Vietnam to take over completely the 
conduct of the war. 12 
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^S^These surveys showed the same kinds of OPSEC weaknesses in PACOM peacetime 
operations as existed in combat operations in Southeast Asia, Poor COMSEC was the 
biggest single problem, especially the use of nonsecure communications links for passing 
sensitive information, with heavy dependence on the "conventional telephone.” 15 Units 
were passing a superfluity of information, much more than necessary to accomplish their 
missions, highlighting friendly operations for the enemy. 16 Other weaknesses included 
poor SOI and the use of unauthorized or homemade codes, in one case a dependence for 
years on a homemade callsign for travel by a high-ranking officer. 17 EC-121 aircraft, 
providing early warning radar coverage in Korea, also for years had used an unchanging 
callsign, as well as a homemade code for reporting its operational status. 13 Another unit 
also u sed homemade, hence less secure, codes, and, furthermore, the survey team found, 
personnel were transmitting the same information via authorized operational codes. 



The parallel transmission of the same information over the two systems, one authorized, 
the other not, could easily have compromised the security of the authorized code. 19 



tfitff PURPLE DRAGON also found numerous Cl weaknesses in PACOM's noncombat 
operations. Uncleared Korean nationals, for example, were employed at many Army air 
fields, with virtually free access to most operational areas - some even had access to the 
ATC centers and other work spaces where sensitive, and sometimes classified, information 
was regularly being passed. Also, whenever a dignitary was to visit an 8th Army 
installation, the protocol office always distributed widely an unclassified, detailed 
itinerary booklet in advance of arrival. Additionally, unclassified flight schedules for the 
dignitary's visit would be posted in unsecure areas, such as officer's clubs, up to forty-eight 
hours in advance of the visit. 20 




iST Stereotyped operations were also a problem, perhaps even more so in peacetime 
operations than in combat operations. One of the regular operations of U.S. Army aviation 
units was the insertion of ROK troops in the area just south of the Demilitarized Zone 
separating the two Koreas, in order to interdict the infiltration of North Korean espionage 
agents and commandos into the ROK. Unfortunately, this interdiction operation was 
performed only one day a week, alternating between Wednesdays and Thursdays, and the 
ROK troops were always withdrawn after twenty-four hours. "This pattern could permit 
the North Koreans to take actions negating ROK mission effectiveness.” 21 

M " 



Jmissions, however, always flew exactly the same flight path and always for either 
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five or seven hours at a time. Furthermore, the drones were released at exactly the same 
time during each mission. Likewise, the helicopters that recovered the drones always filed 
a flight plan at at their home base at exactly 0800 hours local time' on the day of a 



mission. 






TOP SECRET UM B RA 



~n5ew| 



S3" 



i(b) (1) 

|OGA 



PURPLE DRAGON? And how successful was the U.S. OPSEC effort in Southeast Asia? 




DIA 

PURPLE DRAGON: LESSONS LEARNED 

(U) On 27 January 1973, representatives of the United States, North Vietnam, South 
Vietnam, and the Viet Cong signed "An Agreement Ending the War and Restoring Peace 
in Vietnam” in Paris. The agreement called for the withdrawal of the last 23,700 U.S. 
troops and advisors left in South Vietnam by the end of March. Although U.S. servicemen 
and women would continue to be actively engaged in Southeast Asia for another two years, 
the Paris Peace Accords effectively marked the end of the Vietnam War for the United 
States. 

(U) By the end of the war, PURPLE DRAGON and the U.S. operations security program 
were a little over six years old. During that time, what did the U.S. military learn from 
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(U) When U.S. military commanders first received proof from the National Security 
Agency that the enemy was forewarned of U.S. operations in Southeast Asia, no one could 
say with certainty how he had obtained his information, and, without knowing this, there 
was no way to prevent him from obtaining more. It was in order to discover how the enemy 
obtained his information, and to prevent him from obtaining more, that PURPLE DRAGON 
was born. 
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Part VII 

PURPLE DRAGON at Peace 
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OPSEC AFTER PURPLE DRAGON 




(U) Therefore, it should not be surprising that the surveys conducted by these OPSEC 
branches often showed a lack of understanding of the purpose of operations security. In 
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Vietnam, it had been possible to recognize what information the enemy had wanted and, 
by surveying operations, to discover whether that information was being divulged and 
how, if possible, to prevent it. Away from Vietnam, however, many OPSEC surveys, often of 
such operations as war game exercises, lacked a clear-cut enemy with identifiable 
intelligence interests. In these cases, OPSEC survey teams merely recorded potential 
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(U) In 1982, NSA efforts to establish a formal OPSEC training curriculum received a 
major boost. In December of that year, the JCS directed that NSA "establish and maintain 
an OPSEC training program for NSA/CSS civilian and military personnel/' 9 Using this 
directive, NSA developed the "National OPSEC Course/' first presented at the NCS in 
November 1983. The OPSEC course was designated a national course, even though the JCS 
directive had called for a course solely for NSA/CSS personnel, because the Agency had 
asked to be allowed to present it to personnel from throughout the U.S. government; the 
JCS approved, and the OPSEC course was opened to non-NSA personnel. During the next 
six years, the National OPSEC Course would present the concept and methodology of 
operations security to over 500 senior- and mid-level government personnel, over 80 
percent of whom were from departments and agencies outside NSA. 10 

(U) NSA, through such means as the National OPSEC Course, OPSEC segments in other 
NCS courses, OPSEC seminars and briefings, and advice and assistance on OPSEC to other 
organizations, was able by the mid- and late 1980s to indoctrinate thousands of U.S. 
military and civilian personnel in the concept and methodology of OPSEC. Furthermore, 
using NSA’s course as a model, other government organizations either developed new or 
revised existing OPSEC training programs. By the mid-1980s, therefore, a consistent view 
of operations security - its theory, its method, and its goals - was being propounded 
throughout the U.S. government. 11 The lack of focus which had plagued the U.S. OPSEC 
program since the end of the Vietnam War was finally being corrected. 




(U) It would take nearly five years before the differing viewpoints and concerns of the 
competing departments and agencies concerned could be reconciled and the presidential 
directive on OPSEC published. In the meantime, the NOAC was established and, in 1985, 
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developed and approved training objectives for a three-tiered National OPSEC Training 
Program. NSA, "because of its experience in developing and fostering the OPSEC 
methodology,” was to serve as the "lead agency for development and presentation of 
national level OPSEC instruction.” 13 



Kb) (1) 
,/jOGA 
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NATIONAL SECURITY DECISION DIRECTIVE 298 

(U) Finally, on 22 January 1988 President Ronald Reagan signed National Security 
Decision Directive (NSDD) 298, decreeing that "each Executive department and agency 
assigned or supporting national security missions with classified or sensitive activities 
shall establish a formal OPSEC program. . . ,” L5 Under the directive, the Senior Interagency 
Group for Intelligence (SIG-I), with NOAC acting in an advisory capacity, was given the 
responsibility for formulating national OPSEC policy and resolving interagency OPSEC 
differences. 16 

(U) The director, NSA, was designated under NSDD 298 the executive agent for 
interagency OPSEC training: 

In this capacity, he has responsibility to assist Executive departments and agencies, as needed, to 
establish OPSEC programs; develop and provide interagency OPSEC training courses; and 
establish and maintain an Interagency OPSEC Support Staff (IOSS). . . } 7 

The IOSS - whose membership always consists, at the minimum, of representatives from 
the Department of Defense, the Department of Energy, the Central Intelligence Agency, 
the Federal Bureau of Investigation, and the General Services Administration — was given 
the responsibility for carrying out interagency, national-level training for executives, 
program and project managers, and OPSEC specialists; consulting with executive 
departments and agencies in connection with the establishment of OPSEC programs and 
OPSEC surveys and analyses; and providing an OPSEC technical staff for SIG-I. 18 

(U) Thus, with the promulgation of NSDD 298, operations security became the third 
major component, along with signals intelligence and information systems security, of the 
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National Security Agency's mission. NSDD 298 also marked the culmination of over 
twenty years of development of the concept of operations security, from a single operation, 
meant to address the lack of success of aerial bombing operations in Vietnam, to a 
national-level program widespread within the U.S. government, meant to protect all 
national security missions and operations from compromise by any hostile nation. 

(U) PURPLE DRAGON had come of age. 



Notes 



1. \The Great Conversation , 6; Joint Chiefs of Staff (JCS) Publication 18. Doctrine for Operations 
Security. 1 April 1973 (C); JCS, Memorandum J3M 365 1974, for Distribution. Subject: Interim Report, 
Worldwide OPSEC Conference (Consolidated Conclusions and Recommendations). 26 February 1974 (C); 
Director for Operations Security, NSA. Chronology ofPre-1984 OPSEC Events and Documentation (S NF). 

2. JCS Memorandum J3M 365 1975 (C); Director for Operations Security, NSA. Chronology (S NF). 

3. (U) Director for Operations Security, NSA. Chronology (S NF). 

4. ja j | [ interview. OH- 10-92. (S-CCO); | | T 

5. (U) Deeley ,\20; | | The Great Conversation, 6. 

6. j^fBoak interview. OH- 12-92 (S-CCO); Deeley, 19-20. 



'he Great Conversation , 6. 



7. t 

Conversation, 7. 





interview. 


OH-l< 


P-92 (SCO 


D); 




interview; Deeley, 20-21; 





The Great 



8. iSfl Direct or of Operations Security, NSA 
| The Great Conversation 8-9. 



Chronology. (S NF); 



interview. OH-10-92 (S-CCO); 



i 



he Grectt Conversation 10-11 . 



9. (U) Director of Operations Security. Chronology (S NF). 

10. (U) Ibid. (S NF) | 

11. (U) Ibid., 11. 

12. Director for Operations Security, NSA. Chronology. (S NF); | 

13. (U) Director for Operations Security; NSA. Chronology. (S NF)| 



interview. OH-10-92 (S-CCO). 

It he Great Conversation , 10, 11. 



14. tS CCO ND.C hie f of Staff, NSA, Memorandum to Deputy Director, NSA. Subject: OPSEC Task Force Report. 
10 May 1988 (S NFCCO). 

15. (U) The White House, Washington, Fact Sheet. National Operations Security Program , 1-2; Director of 
Operations Security, NSA. OPSEC Brief. 

16. (U) White House Fact Sheet, 1-3, U4. 

17. (U) Ibid., 1-4. 

18. (U) Ibid., 1-4. 



(b) (3) -P.L. 86-36 



NOT RE LEAD ABLE TO FOREIGN NATIONAL S 



93 



TOP SECRE T UM3RA 





~~ TOH 5LC I ILT UMDRft - 





94 




TOP SECRE T UMBRA 



Abbreviations and Coverterms Relating to Operation PURPLE 
DRAGON and Operations Security 



ACP 

ADIZ 

AFSS 

ALTREV 

ARC LIGHT 

ARG 

ARVN 

ASA 

ATC 



Airborne Command Post 
Air Defense Identification Zone 
U.S., Air Force Security Service 
Altitude Reservations 

U.S. coverterm for B-52 strikes inside South Vietnam 

Amphibious Ready Group 

Army of the Republic of Vietnam 

U.S., Army Security Agency 

Air Traffic Control 



B Group 
B21 
B45 
BJTF 

BLUE SPRINGS 



BOLD MARINER 

CFNVN 

Cl 

CINCPAC 



NSA, Office of Asian Communist Nations 
NSA, 

NSA, 



NSA, B Group Joint Task Force 

U.S. coverterm for SAC low-altitude reconnaissance drone 
operations during the initial PURPLE DRAGON survey. Later 
redesignated at various times BUMBLE BUG, BUMPY ACTION, and 
BUFFALO HUNTER 

U.S. coverterm for amphibious assault landing at Batangan, RVN, 
1969 

Chinese Forces in North Vietnam 
Counterintelligence 

U.S., Commander in Chief, Pacific Command 



COMINT 


Communications intelligence 


COMSEC 


Communications security 


COSVN 


DRV, Central Office, South Vietnam 


CRD 


DRV, Central Research Directorate 


CSS 


U.S., Central Security Service 


DIA 


U.S., Defense Intelligence Agency 


DIRNSA 


U.S., Director, NSA 



-50 USC 403 
-P.L. 86-36 
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DOE 

DRV 

EAGER YANKEE 

ECM 

FAC 

FOCUS RETINA 
FRAG ORDER 



U.S., Department of Energy 

Democratic Republic of Vietnam (North Vietnam) 

U.S. coverterm for amphibious assault landing, RVN, 1968 
Electronic countermeasures 
Forward Air Control 

U.S./ROK coverterm for joint training exercise, ROK, 1969 
Fragmentary order 



HEAVY ARTILLERY 

HUMINT 

IOSS 

JCS 

JGS 

L/H HOUR 

MACV 

MAF 

MARKET TIME 

MIB 

MIS 

MRF 

MSD 

NCS 

NOAC 

NOTAM 

NSA 

NSDD 

NSG 

NTDS 

NVA 

OPSEC 

PACOM 



U.S. coverterm for B-52 strikes 

Human intelligence 

U.S., Interagency OPSEC Support Staff 

U.S., Joint Chiefs of Staff 

RVN Joint General Staff 

Helicopter landing/assault boat landing hour 

U.S. Military Assistance Command, Vietnam 

Marine Amphibious Force 

U.S./RVN coverterm for coastal interdiction operations, RVN 

DRV, Military Intelligence Bureau 

DRV, Military Intelligence Section 

Mobile Riverine Force 

RVN, Military Security Directorate 

NSA, National Cryptologic School 

U.S., National OPSEC Advisory Committee 

Notice to Airmen 

U.S., National Security Agency 

National Security Decision Directive 

U.S., Naval Security Group 



Naval Tactical Data System 
North Vietnamese Army 
Operations security 
U.S., Pacific Command 
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PFIAB 

POINT JULIETTE 
PRC 

PURPLE DRAGON 
PW 

RALLIER 



U.S., President’s Foreign Intelligence Advisory Board 

U.S. coverterm for B-52 and RC-130 rendezvous point west of the 
Philippines 

People’s Republic of China 

U.S. coverterm for the first CINCPAC OPSEC survey, 1966—1967, 
and unofficial coverterm for CINCPAC's permanent OPSEC 
branch, 1967-1973 

Prisoner of war 

VC defector 



ROK 


Republic of Korea (South Korea) 


ROLLING THUNDER U.S. coverterm for fighter-bomber bombing raids against DRV, 

1965-1968 

(b) (1) 


RVN 


Republic of Vietnam (South Vietnam) !?! f. US o, 4 ^ 


SI 


NSA, Communications Security Division 


SAC 


U.S., Strategic Air Command 


SCA 


U.S., Service Cryptologic Agencies 


SIG-I 


U.S., Senior Interagency Group for Intelligence 


SIGINT 


Signals intelligence 


SIS 


DRV, Strategic Intelligence Section 


SLF 


Special Landing Force 


SOI 


Signal Operations Instructions 


STRICOM 


U.S., Strike Command 


SWIFT SABER 


U.S. coverterm for amphibious assault landing, RVN, 1968 


TECHINS 


NSA, Technical Instructions 


TF 


Task Force 


TOC 


Tactical Operations Center 


TOT 


Time Over Target 


TOUCHDOWN 


U.S. coverterm for U.S. Army operation resulting in the capture of 
aVC/NVATRU 


TRU 


DRV, Technical Reconnaissance Unit 


U&S COMMANDS 


U.S., Unified and Specified Commands 


UTM 


Universal Transverse Mercator 


VC 


Viet Cong 
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VNN 

YANKEE STATION 



RVN, Vietnamese Navy 

U.S. coverterm for aircraft carrier rendezvous point in the Gulf of 
Tonkin 
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